DETAILED ACTION

Response to Amendment 

1. In response to communications filed on 06/27/2008, the Examiner acknowledges
the amendments made to the claims and has both considered and applied them to the
claims.

Response to Remarks/Arguments 

2. Applicant's arguments with respect to the rejection of claims 27-47 have been 
fully considered but they are not persuasive. 

2.1 In response to Applicant's argument that the Examiner is attempting to equate the
"cookie disclosed in Cheng to artifacts of the amended claims" the Examiner
respectfully disagrees, reminding the Applicant that in the previous response to
arguments of 03/27/2008, the Examiner responded "In response to Applicant argument
that the Cheng and Botz references do not teach or suggest artifacts as recited in
the claims, the Examiner respectfully disagrees citing column 1 lines 47-50 - "user-specific
information ... personal data ... pertaining to a user" and column 1 lines 52-60
which specifically recites user information (artifacts) such as "credit card
information, street address, telephone number, social security number, bank details,
personal health information, taxation data, criminal records, etc. from one sever to
another." The Examiner further cites column 2 lines 5-12 of Cheng - "conveying access
control information ... identification, authentication, authorization and privilege
information from one network device to another network device through an end user 
device" and column 5 line 66 - column 6 line 2 which recites, "a single MDSSO cookie 
provides access to all the URLs of a domain ... each cookie can provide access to 
particular resources available at a network device." The Examiner submits that from the 
above quotation and citation it is clear that the user information of Cheng is being 
equated to the claimed artifacts. The Examiner respectfully emphasizes that the 
disclosed cookie of Cheng has not been equated to the claimed artifacts of the instant 
Application. Thus, based upon the arguments provided by the Examiner in the previous 
response, which the Applicant has not responded to, the 102(e) and 103(a) rejections 
are maintained. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless -

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 27-31, 33-35, 37-38, 40-45 and 47 are rejected under 35 U.S.C. 102(e)
as being disclosed by Cheng et al. (U.S. Patent 7,010,582 B1 hereinafter
Cheng).

[Examiner's Reasoning: The Examiner understands the disclosed
"servers" of column 10 line 19 - column 11 line 12, to read upon the
claimed multiple "applications" (first application, second application, etc.)
as these "applications" are functioning as servers and performing the
duties or services of a server. Anyone skilled in the art would understand
the disclosed "applications" to be the software or applications which
operate(s) servers, such as the servers disclosed by Cheng et al.]

Regarding claim 27, Cheng et al. discloses a method for managing access to a
plurality of applications using a central server, comprising: 

• receiving a user name and a user password of a user from a first 
application (col.1 lines 47-50 - "user-specific information ... personal data 
... pertaining to a user"); 

• authenticating the user using the user name and password (col. 6 lines
53-59 - "the authentication front end 22, after successful validation, 
generates an MDSSO cookie and sends this back to the user in the 
header portion of a message which also redirects the user's browser to 
access the server's MDSSO function 24"); 

• generating, in response to the successful authentication, identity assertion 
information comprising information associated with the user for use by a 
plurality of applications to authenticate the user (col. 2 lines 12-36 - 
"network device in response to this message from the end user device
sends a response message to the end user device containing the access 
control information to be conveyed to the another network device"); 

• generating a first artifact associated with the identity assertion information, 
wherein the first artifact is used to obtain the identity assertion information 
(col. 1 lines 52-60 - "sending credit card information, street address, 
telephone number, social security number, bank details, personal health 
information, taxation data, criminal records, etc. from one sever to 
another"); 

• sending the first artifact to the first application (col. 1 lines 52-60 - 
"sending credit card information, street address, telephone number, social 
security number, bank details, personal health information, taxation data, 
criminal records, etc. from one sever to another"); 

• receiving the first artifact and a request for the identity assertion 
information from a second application, wherein the second application 
receives the first artifact from the first application (col. 2 lines 12-36 - 
"network device in response to this message from the end user device 
sends a response message to the end user device containing the access 
control information to be conveyed to the another network device"); 

[Examiner's Reasoning: The Examiner understands the disclosed 
network devices to comprise a plurality of network devices as 
suggested and specified by the claims of Cheng (claims 25-28).] 

• verifying the validity of the first artifact upon receipt from the second
application (col. 6 lines 53-59 - "the authentication front end 22, after 
successful validation, generates an MDSSO cookie and sends this back to 
the user in the header portion of a message which also redirects the 
user's browser to access the server's MDSSO function 24"); 

• retrieving, after successful validation of the first artifact, the identity 
assertion information for the user using the first artifact (col. 1 lines 52-60 
- "sending credit card information, street address, telephone number, 
social security number, bank details, personal health information, taxation 
data, criminal records, etc. from one sever to another"); and 

• receiving a request for a second artifact from the second application and 
sending the identity assertion information to the second application, 
wherein the second application uses the identity assertion information to 
authorize the user to access the second application (col. 5 lines 4-15 - 
"response message being adapted to cause the end user device to send a 
second message to the another network device containing at least part of 
the user-specific information after presenting an option to the end user 
device the second message has a header portion and a content portion 
and the second message contains the at least part of the user specific 
information embedded within its content portion"); 

• rendering the first artifact invalid for future use by any of the plurality of
applications (col. 7 lines 9-11 - "the cookie may also have an expiry
date"); and 

• receiving a request for a second artifact from the second application (col. 
10 lines 42-46 - "causing the browser to send a request message to 
Server_2 ... [t]he MDCB 108 on SERVER_2 is capable of extracting the 
data from the request") and 

• providing the second artifact associated with the identity assertion 
information, wherein the second artifact is used to obtain the identity 
assertion information, wherein the third application is a member of the 
plurality of applications (col. 2 lines 12-36 - "network device in response to 
this message from the end user device sends a response message to the 
end user device containing the access control information to be conveyed 
to the another network device"). 

Regarding claims 28 and 42, Cheng et al. discloses the method wherein

• receiving the second artifact and request for the identity assertion 
information from a third application, wherein the third application receives 
the second artifact from the second application (col. 2 lines 12-36 - 
"network device in response to this message from the end user device 
sends a response message to the end user device containing the access 
control information to be conveyed to the another network device"); 

[Examiner's Reasoning: The Examiner understands the disclosed
network devices to comprise a plurality of servers (applications) as 
suggested and specified by the claims of Cheng (claims 25-28).] 

• verifying the validity of the second artifact upon receipt from the third 
application (col. 6 lines 53-59 - "the authentication front end 22, after 
successful validation, generates an MDSSO cookie and sends this back to 
the user in the header portion of a message which also redirects the 
user's browser to access the server's MDSSO function 24"); 

• retrieving, upon successful validation, the identity assertion information for 
the user using the second artifact (col. 1 lines 52-60 - "sending credit card 
information, street address, telephone number, social security number, 
bank details, personal health information, taxation data, criminal records, 
etc. from one sever to another"); 

• sending the identity assertion information to the third application, wherein 
the third application uses the identity assertion information to authorize the 
user to access the third application (col. 2 lines 1-12 - "The invention, in 
accordance with one broad aspect, provides a method of conveying 
access control information, including but not limited to cookies, 
identification, authentication, authorization and privilege information from 
one network device to another network device through an end user 
device, for example in a system in which two servers and an end user 
device are all connected to the Internet, optionally after performing an 
authentication on an initial access request in the event the network device
is the first accesses. The method starts after the one network device 
receives a message from the end user device"); 

• rendering the second artifact invalid for future use by any of the plurality of 
applications (col. 7 lines 9-11 - "the cookie may also have an expiry
date"); 

• receiving a request for a third artifact from the second application (col. 10
lines - "further servers, a chain of servers being identified previously" 
which can continue the processes initiated by SERVER_1 and 
SERVER_2. The third server or application is indicated by the above 
citation.); 

• providing the third artifact associated with the identity assertion 
information, wherein the third artifact is used to obtain the identity 
assertion information (col. 2 lines 12-36 - "network device in response to 
this message from the end user device sends a response message to the 
end user device containing the access control information to be conveyed 
to the another network device"); 

• sending the identity assertion information to the second application, 
wherein the third application uses the identity assertion information to 
authorize the user to access the third application (col. 5 lines 4-15 - 
"response message being adapted to cause the end user device to send a 
second message to the another network device containing at least part of 
the user-specific information after presenting an option to the end user
device the second message has a header portion and a content portion 
and the second message contains the at least part of the user specific 
information embedded within its content portion"); 

• rendering the second artifact invalid for future use by any of the plurality of 
applications (col. 4 lines 51-60 - "it is noted that the information provided 
to an end user device by an initial network device may be a superset of 
the access control information contained in the response message"); and 

• receiving a request for a third artifact from the second application (col. 1 
lines 52-60 - "sending credit card information, street address, telephone 
number, social security number, bank details, personal health information, 
taxation data, criminal records, etc. from one sever to another"); and 

• providing the third artifact associated with the identity assertion 
information, wherein the third artifact is used to obtain the identity 
assertion information, wherein the third application is a member of the 
plurality of applications (col. 2 lines 12-36 - "network device in response to 
this message from the end user device sends a response message to the 
end user device containing the access control information to be conveyed 
to the another network device"); 

[Examiner's Reasoning: The Examiner understands the disclosed 
network devices to comprise a plurality of servers (applications) as 
suggested and specified by the claims of Cheng (claims 25-28).] 

Regarding claim 29 and 43, Cheng et al. discloses the method wherein the
identity assertion information is stored in the central server (Figure 1 element 20). 

Regarding claim 30 and 44, Cheng et al. discloses the method wherein the first
artifact comprises a type code, a source identification, and an assertion 
identification (col. 1 lines 52-60 - "sending credit card information, street 
address, telephone number, social security number, bank details, personal health 
information, taxation data, criminal records, etc. from one sever to another"); 
sending the first artifact to the first application (col. 1 lines 52-60 - "sending credit 
card information, street address, telephone number, social security number, bank 
details, personal health information, taxation data, criminal records, etc. from one 
sever to another"). 

Regarding claim 31 and 45, Cheng et al. discloses the method wherein the first
artifact further comprises a server identification (col.1 lines 47-50 - "user-specific 
information ... personal data ... pertaining to a user"). 

Regarding claim 33 and 47, Cheng et al. discloses the method wherein the user
name and the user password are obtained by the first application from a web 
browser (col. 1 line 15 - "web-browser") and col.1 lines 47-50 - "user-specific 
information ... personal data ... pertaining to a user"). 



Application/Control Number: 10/683,728
Art Unit: 2136



Claim 34 is rejected under the same rationale as claim 27, as claim 34 is a 
system implementation of the method of claim 27. 

Claim 35 is rejected under the same rationale as claim 28 and 42, as claim 35
comprises similar limitations to claim 28 and 42.

Claim 37 is rejected under the same rationale as claim 30, as claim 37 is a 
system implementation of the method of claim 30. 

Claim 38 is rejected under the same rationale as claim 31 and 45, as claim 38
comprises similar limitations to claim 31 and 45.

Claim 40 is rejected under the same rationale as claim 33 and 47, as claim 40
comprises similar limitations to claim 33 and 47.

Claim 41 is rejected under the same rationale as claim 27, as claim 41 is a 
computer readable memory comprising program instructions implementation of 
the method of claim 27. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 32, 36, 39, and 46 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Cheng et al. (US Patent No. 7,010,582 B1) in view of Botz et
al. (US Patent Application No. 2003/0177388 A1).

Regarding claim 32, 36 and 46, Cheng et al. is silent in disclosing
the method as described in Claim I, wherein said assertion information and said 
plurality of artifacts substantially comply with a Security Assertions Markup 
Language (SAML) standard, and said network of trusted partner sites facilitates 
web browser single sign-on capabilities using interoperational protocols 
substantially complying with said SAML standard, however Botz et al. does 
disclose such a method (0066 of Botz et al. - "ITTs and ITTRs could be stored as 
published XML documents which could be stored further implemented using the 
Security Assertion Markup Language (SAML), which is a proposed standard."). 

It would have been obvious for one of ordinary skill in the art, at the time of
the invention, to have been motivated to combine the system and
method for providing interactions between multiple servers and an end
user with the authentication identity translation within a multiple computing
unit environment of Botz et al. Cheng hints towards the possible benefit of
such a combination in the recitation of the need for a "some standard data 
format should be agreed upon to pass the information from site to site. 
Furthermore, preferably this passing of confidential information should be 
done in a secure fashion, by using some sort of cryptographic means for 
example (col. 11 lines 47-52)." Botz et al. provides motivation for the
combination in the description of, "the emerging web services computing 
model, [in which] the various AIT logical processes e.g., Domain Controller 
and interface services could be implemented as published and 
subscribed to web accessible services. Likewise, ITTs and ITTRs could be 
stored as published XML documents which could be further implemented 
using the Security Assertion Markup Language (SAML), which is a 
proposed standard." Clearly there is motivation and benefit to modify the 
invention of Cheng towards compliance with a technology, namely SAML 
which is a proposed standard. 

Claim 39 is rejected under the same rationale as claim 32, as claim 39 is a 
system implementation of the method of claim 32. 

Conclusion

5. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CHINWENDU C. OKORONKWO whose telephone 
number is (571) 272-2662. The examiner can normally be reached on MWF 2:30 - 6:00,
TR 9:00-3:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on (571) 272 4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 